During the legal agreement phase, it is critical that you outline the required service uptime criteria for the availability of your data. In other words, confirm that your service is going to be accessible to your audience as often as it needs to be, which should be 99.9 percent of the time or more. Additionally, there need to be agreed remedies, typically financial ones, if the CSP does not honor this requirement. Also be sure to establish a Recovery Time Objective (RTO): the maximum amount of time that a system can be down without serious consequences. The RTO depends on the business criticality of the service in question.
Prioritizing the value of your data (whether public or private).
Considering the different ways a loss event may impact your organization.
Monitoring and managing your third-party relationships with specific loss prevention protocols.
Testing your network for weaknesses, and addressing them swiftly.
Dedicating resources for information stewardship.
According to the Global State of Information Survey, a survey of 10,000 IT and security decision-makers in 127 nations led by PwC US in conjunction with CIO Magazine and CSO Magazine, 69 percent of respondents use cloud-based security services. This number shows that the cloud has not only proliferated but has become a staple of enterprise IT strategy. Given the survey results, which reveal increasing and continued growth of cloud adoption, Williamson has outlined five best-practice guidelines for how companies can assess the capabilities of their critical cloud service providers (CSPs).